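package My::Application;

use strict;
use warnings;

use DBI;
use CGI;

# Build the application object: capture the submitted form fields and
# attach a database handle obtained from connect_routine() (defined
# outside this listing).
sub new {
    my $class = shift;
    my $q     = CGI->new;

    # Every field is stored as an array ref so multi-valued fields keep all
    # of their values.  param() is called in list context on purpose here;
    # wrapping the result in [ ] stops it spilling into the surrounding
    # list.  (Recent CGI.pm releases warn about list-context param() and
    # offer multi_param() for this use.)
    my %data = map { $_ => [ $q->param($_) ] } $q->param;

    # Fixed: the pairs were written with '=' instead of '=>', which does
    # not compile.
    my $href = {
        _dbh  => connect_routine(),
        _data => \%data,
    };

    return bless $href, $class;
}

# Return the submitted value(s) for one form field.
#
# remember that all data returned from this is tainted!!!!
# It comes straight from the request, so validate it before it reaches a
# file name, a shell command, HTML output or SQL text.
#
#   scalar context: the first value of the field
#   list context:   every value of the field
#   unknown field:  undef (a one-element list in list context)
#
# The list-context result can hold any number of values.  When the call
# sits inside a hash constructor or an argument list, force scalar context,
# e.g. scalar( $app->form_data('x') ); otherwise a request that repeats the
# field can add or shift elements in that list.
sub form_data {
    my ( $self, $item ) = @_;

    my $data = $self->{_data};

    # Kept as "return undef" so existing list-context callers still receive
    # exactly one element for a missing field.
    return undef unless exists $data->{$item};

    return wantarray ? @{ $data->{$item} } : $data->{$item}[0];
}

# Look up a user's first and last name by id.
sub get_user_info {
    my ( $self, $id ) = @_;

    # Note the placeholder .. greater security
    # $id is bound as data and is never interpolated into the SQL text.
    my $sql = 'SELECT first, last FROM users WHERE id = ?';
    my $sth = $self->{_dbh}->prepare($sql);
    my $rc  = $sth->execute($id);

    # . . .  (the rest of this routine is elided in the original listing;
    # check $rc before fetching unless RaiseError is set on the handle)
}

1;

####
# Separate file: the calling script.

use strict;
use warnings;

use My::Application;

my $app = My::Application->new;

# it's transparent to the programmer, but this is getting
# the data from the submitted form data
# (scalar assignment, so only the first submitted value is taken)
my $user_id = $app->form_data('user_id');

# again, we have application specific data, but from
# the database instead of the user form
# Fixed: the original passed $user, which is never declared and fails
# under "use strict"; the id read from the form is $user_id.
my $user_details = $app->get_user_info($user_id);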